Madison firm hosts national symposium on Internet security issues
Business New Haven
By: Susan E. Cornell
Stolen identities, computer viruses, online child safety, cyberstalking and harassment, network intrusion and denial-of-service attacks.
There's a new breed of criminal afoot, one who is threatening to overwhelm law-enforcement officials. These are some of the most evasive criminals ever known operating in a realm - the World Wide Web, which is moving so far so fast that law enforcement agencies and judicial systems are having difficulties keeping pace.
While the information superhighway has advanced nearly every aspect of society - improving health and education, fostering commerce, facilitating communications - the world of cyber crime has simultaneously introduce confounding challenges.
The Internet is the fastest growing medium in history; unfortunately, the attributes that have facilitated its proliferation (ease of use, anonymity, low cost) make the Web an extremely attractive medium for criminals for precisely the same reasons.
Statistics indicate that cyber crime is expanding almost proportionately with the enrichments and advancements being made by the Net's existence; the FBI has seen its cyber-crime caseload increase 1,200 percent over the past five years, and the bureau estimates that computer losses have risen $10 billion annually.
During authorized tests, engineers at IBM Global Services were able to break into 90 percent of online stores to access credit-card data. And the 2000 CSI/FBI Computer Crime and Security Survey reported that 90 percent of respondents detected security breaches in their systems within the previous 12 months and that 74 percent acknowledged financial losses due to the attacks.
In response to this astonishing increase in computer crimes, Internet Crimes Inc. was founded a year ago. The Madison-based company is the corporate offspring of PowerPhone Inc., also in Madison, which specializes in crisis communication training. PowerPhone is a 17-year old company, founded by Phil Salafia, that trains and certifies dispatchers globally in emergency communications. Salafia retired as president last year, yielding the reins to his son, Chris.
Dealing with law-enforcement personnel and being a technical zealot himself, Chris Salafia took notice of the exponential growth of crimes committed over the Internet. He initiated a few seminars and soon the concept and the business began to snowball and more resources needed to be dedicated.
A year later, the company is setting new standards for combating computer crime. Internet crimes is determined to assist law-enforcement agencies, schools and corporations to create a secure Internet environment for education, communication and business. Internet Crimes' team includes nationally recognized computer crime experts. The firm recently hosted a national cyber-crime summit in which corporate, law enforcement and school officials convened in a high-intensity training and networking symposium.
Gov. John G. Rowland even issued Internet Crimes an official degree proclaiming that the Connecticut corporation has recognized these dangers and have taken proactive steps to bring to the world's attention the perils of cyber-related advancements. Kicking off the event, Rowland officially proclaimed January 21, the opening day of the summit, Cyber-crime Awareness Day in Connecticut.
Internet Crimes is part of a family of businesses presided over by the 30-year-old entrepreneur. PowerPhone is the parent company, and Beacon Travel is in effect a sibling. With the senior Salafia's retirement last summer, Chris has taken the helm of all three enterprises.
Operating a travel agency in conjunction with Salafia's two other businesses has proven to be, as they say, synergistic.
Says Salafia: I opened Beacon Travel in 1998, initially for the purpose of serving the travel needs of PowerPhone Inc. PowerPhone is a public safety-training company that travels around the world conducting seminars for 911 personnel. We have 75 instructors who teach for us and travel all over the place.
In 1998, we spent over $750,000 on travel expenses and quickly realized we were not getting the best pricing/service from the local agencies we used, says Salafia. Knowing that the 'average' commission was ten percent [a figure since driven down by competition from Internet travel services], we figured that was $75,000 a year we were giving to someone else to do an adequate job. We knew we could do better.
There are a number of reasons for remaining in the travel business despite the changes in the industry following the emergence of e-booking. Salafia acknowledges that he has direct access to flight information, discounts and upgrades. I've been able to trim more than $50,000 from PowerPhone's [expenses]. Additionally, We have a large [and, he says, growing] number of corporate accounts that provide a steady stream of revenue. The leisure travel these professionals book is a bonus.
Salafia has successfully centralized travel and reduced expenses with PowerPhone, and now is able to offer travel services needed for the Internet Crimes business. In fact, how was the lion's share of travel arrangements made for attendees of the Cyber Crime Summit? Through Beacon Travel, natch. And this was a national conference.
CyberCrime 2001? This national conference and exhibition was held over a three-day period in January at Foxwoods Casino under the sponsorship of Deloitte & Touch and PriceWaterhouse Coopers, two of the nation's largest consulting firms. This symposium was design to provide corporate security professionals, school officials, prosecutor, and law-enforcement agencies with high-intensity training and a networking environment with the resources and information needed to combat the rapidly emerging world of Internet crime.
Says Salafia, Cyber-crime is one of the greatest threats to the growth of our economy, security of our networks, and even the safety of our nation's most valuable asset, our children.
Top experts from the FBI, the U.S. Customs, the U.S. Department of Justice, the IRS and state and local departments along with authorities from the corporate world (including Microsoft, Hewlett Packard and AOL) shared invaluable information on the common topic.
The more than 30 speakers included renowned forensics expert Henry Lee; Howard Schmidt, chief of information security at Microsoft Corp.; attorney and author Parry Aftab, an expert on children's Internet safety; author and chief of the sex crimes unit at the New York County District Attorney's Office, attorney Linda Fairstein; and former Justice Department head Scott Charney.
The cadre of speakers, quality of workshops and opportunity to network with other professionals from across the country made CyberCrime 2001 the premier computer-security conference in the country, crows Salafia.
Howard Schmidt opened the conference with a workshop on Critical Infrastructure. Society is now utterly dependent on the Internet, he explained.
All businesses will be technology businesses, said Schmidt. For example, UPS used to be a trucking company; now it's a technology company with trucks. Schmidt, who directs the activities of those responsible for Microsoft Information, discussed the lessons learned from attacks on Microsoft's network and ways in which all companies can empower themselves to prevent future aggression.
He explained the Microsoft Information Assurance Program, designed to make sure you are doing as much on the front-end and providing resources as preventative measures. The building blocks of information security, he said, are:
- Engineer IT securely
- Administer IT securely
- Test IT's defenses
- Respond to IT's weaknesses/exploits
- Investigate the threats, and
- Educate the world
Schmidt emphasized the importance of developing public and private cooperative relationships to tackle current as well as future challenges from cyberspace.
John McLean, director of training at Internet Crimes, spoke on Going Undercover on the Internet. While McLean's background is in law enforcement, he too touted the importance of a public and private partnerships.
This is not just a cop's job, it's your job to systematically eradicate crime on networks, McLean said. In his discussion of undercover operations, he said such activities on the Net can be very simple or very detailed. Law enforcement and corporate security should use the Internet as a tool to enhance their investigations.
Finally, applications of undercover operations in cyber-crime are endless, he said. The use of [undercover] investigative approaches online can be used in nearly every aspect of criminal activity.
New Haven's Henry Lee delivered an informative and entertaining presentation, New Technologies in the 21st Century in Criminal Investigations at the keynote dinner and awards presentation. Lee is a criminal forensic scientist, author, consultant and professor at the University of New Haven as well as the creator of the school's forensic science program.
Lee agrees that Fighting cyber-crime is a team approach. Private sector, legislators, police officers, prosecutors, judges - everybody has to fight together.
Nevertheless, The private sector can close the gap, said Lee. They can stop and help us. You can even have a watchdog. Legislators can pass the laws helping us. The training is so important in fighting the criminal.
Lee also maintained the theme of the conference, The more things change, the more they stay the same. In other words, criminals historically have developed means to defeat new anti-crime initiatives (train robberies of the late 1800s and the illegal sale of liquor during prohibition). The crimes themselves aren't much different today (fraud, theft, kidnapping, etc.), yet the foul deeds are committed in cyberspace - and the frontier is global.
The variety of topics discussed at Cyber Crime 2001 demonstrate how far-reaching the overall subject of computer crime is, how fast the problem is growing, how many new crimes exist, and why law-enforcement agencies and judicial systems are having difficulties keeping pace with the dark side of the Internet. Topics covered included: Internet gambling, stalking and harassment, profiling, computer search and seizure, computer crime prosecution, hackers, network intrusion, protecting e-commerce, encryption and even more.
Clearly, the age of computer technology has delivered extraordinary benefits yet poses tremendous challenges as well. Everyone in society is affected, from law-enforcement agencies to corporate security professionals to prosecutors to school officials to the estimated 375 million users. Armed with information and resources, however, we are better positioned and empowered to combat the challenges cyberspace has created.
With conferences, training, sharing of information, and a cooperative or a team approach involving both the public and the private sectors, we can eliminate the opportunity for the Internet to become the Wild West of yesteryear.